<?php
function userIsLoggedIn()
{

	if (isset($_POST['action']) and $_POST['action'] == 'login')
	{
		//if username was empty
		if (!isset($_POST['username']) or $_POST['username'] == '')
		{
			$GLOBALS['logUsrNameError'] = 'Please fill user name';
		}
		
		//if password was empty
		if (!isset($_POST['password']) or $_POST['password'] == '')
		{
			$GLOBALS['logPwdError'] = 'Please fill password';
		}

		//if security code was invalid
		if (isset($_POST['captcha']) and isset($_SESSION['security_code']) and(($_POST['captcha'] != $_SESSION['security_code'])))
		{
			$GLOBALS['logSecurError'] = 'Security code was incorrect';
		}
		
		//if security code was empty
		if (!isset($_POST['captcha']) or $_POST['captcha'] == '' or !isset($_SESSION['security_code']))
		{
	       $GLOBALS['logSecurError'] = 'Please fill security code';
		}
		
		
		if(isset($GLOBALS['logUsrNameError']) or isset($GLOBALS['logPwdError']))
		{
			return FALSE;
		}
	
		
		// get from login form
		$username = $_POST['username'];
		$password = $_POST['password'];
		
		if (databaseContainsUser($username, $password))
		{
			$_SESSION['loggedIn'] = TRUE;
			$_SESSION['username'] = $username;
			$_SESSION['password'] = $password;
			//if username & password was valid,check secutity code
			if(isset($GLOBALS['logSecurError']))
			{
				return FALSE;
			}
			return TRUE;
		}
		//username & password was invaid
		else
		{
			unset($_SESSION['loggedIn']);
			unset($_SESSION['username']);
			unset($_SESSION['password']);
			unset($_SESSION['who']);
			unset($_SESSION['security_code']);
			session_unset(); // new, don't know if it is safe
			$GLOBALS['logUsrNameError'] = 'User name was incorrect';
			$GLOBALS['logPwdError'] = 'Password was incorrect';
			return FALSE;
		}
		
	}
	
	
	if (isset($_POST['action']) and $_POST['action'] == 'logout')
	{
		unset($_SESSION['loggedIn']);
		unset($_SESSION['username']);
		unset($_SESSION['password']);
		unset($_SESSION['who']);
		unset($_SESSION['security_code']);
		session_unset(); // new, don't know if it is safe
		header('Location: ' . $_POST['goto']);
		exit();
	}

	if (isset($_SESSION['loggedIn']))
	{
		return databaseContainsUser($_SESSION['username'], $_SESSION['password']);
	}
}

function databaseContainsUser($username, $password)
{
	include '/includes/db.inc.php';
	
	// hold original password
	$original_pass = $password;
	
	// remember real-escape variables before pass them to MySQL server (to prevent injection attack)
	$username = mysqli_real_escape_string($link, $username);
	$password = mysqli_real_escape_string($link, $password);
	$sql = "SELECT user, select_priv, insert_priv, update_priv, delete_priv FROM mysql.user WHERE user = '$username' AND password = PASSWORD('$password')";
	$result = mysqli_query($link, $sql);
	if(!$result)
	{
		$error = 'Error fetching count of user';
		include 'error.html.php';
		exit();
	}

	// check if this is mysql user (mysql users include "root" and "sv")
	$num_of_rows = mysqli_num_rows($result);
	if($num_of_rows > 0)
	{
		// check if it is "root"
		$row = mysqli_fetch_array($result);
		if($row['select_priv'] == 'Y' and $row['insert_priv'] == 'Y' and
		$row['update_priv'] == 'Y' and $row['delete_priv'] == 'Y')
		{
			$_SESSION['who'] = 'admin';
			return TRUE;
		}
	}

	// it's user "sv" or someone
	$password = mysqli_real_escape_string($link, md5($original_pass . 'qldsv'));
	$sql = "SELECT COUNT(*) FROM qldsv.sinh_vien WHERE mssv = '$username' AND mat_ma = '$password'";
	$result = mysqli_query($link, $sql);
	$row = mysqli_fetch_array($result);
	if($row[0] > 0)
	{
		$_SESSION['who'] = 'student';
		return TRUE;
	}

	return FALSE;
}
?>































